Privacy Policy

1. Introduction

AdmissusCase ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered legal technology platform ("Service").

We comply with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

2. Data Controller

AdmissusCase acts as the data controller for personal data processed through our Service. Our registered office is located within the European Union to ensure GDPR compliance.

Contact Information:
Email: privacy@admissuscase.com
Data Protection Officer: dpo@admissuscase.com

3. Information We Collect

3.1 Information You Provide

• Account Information: Name, email address, organization, and professional credentials
• Document Data: Legal documents, case files, and related materials you upload to the platform
• Communication Data: Messages, inquiries, and feedback you send to us
• Payment Information: Billing details processed securely through third-party payment processors

3.2 Automatically Collected Information

• Usage Data: Pages visited, features used, time spent on the platform
• Device Information: IP address, browser type, operating system, device identifiers
• Cookies and Similar Technologies: Session data, preferences, and analytics

4. How We Use Your Information

We process your personal data for the following purposes:

• Service Delivery: To provide, maintain, and improve our AI-powered legal analysis tools
• Document Processing: To analyze legal documents and generate insights using AI technology
• Communication: To respond to inquiries, provide customer support, and send service updates
• Security: To detect, prevent, and address technical issues and fraudulent activity
• Legal Compliance: To comply with applicable laws, regulations, and legal processes
• Analytics: To understand usage patterns and improve our Service (anonymized data)

Legal Basis (GDPR): We process your data based on (a) contract performance, (b) legitimate interests, (c) legal obligations, and (d) your consent where required.

5. Data Storage and Security

5.1 Data Location

All user data is stored on secure servers located within the European Union to ensure GDPR compliance. We use industry-standard encryption both in transit (TLS/SSL) and at rest.

5.2 Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy:

• Account Data: Retained while your account is active and for 30 days after deletion
• Document Data: Retained according to your preferences; deleted upon request
• Analytics Data: Anonymized after 90 days; aggregated data retained indefinitely
• Legal Requirements: Some data may be retained longer to comply with legal obligations

5.3 Security Measures

• End-to-end encryption for sensitive legal documents
• Multi-factor authentication (MFA) for user accounts
• Regular security audits and penetration testing
• Employee access controls and confidentiality agreements
• Automated backup and disaster recovery procedures

6. Data Sharing and Third Parties

We do not sell your personal data. We may share data with the following categories of recipients:

6.1 Service Providers (Sub-processors)

• Cloud Infrastructure: Neon Database (EU-based PostgreSQL hosting)
• AI Processing: OpenAI (with Data Processing Agreement in place)
• Analytics: Privacy-focused analytics providers (anonymized data only)
• Payment Processing: Stripe (PCI-DSS compliant payment processor)

All sub-processors are bound by Data Processing Agreements (DPAs) and comply with GDPR requirements.

6.2 Legal Disclosures

We may disclose your information if required by law, court order, or governmental authority, or to protect our rights, property, or safety.

7. Your Rights (GDPR)

Under GDPR, you have the following rights:

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restriction: Limit how we process your data
• Right to Data Portability: Receive your data in a structured, machine-readable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time (where applicable)
• Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise your rights, contact us at privacy@admissuscase.com. We will respond within 30 days.

8. International Data Transfers

While our primary infrastructure is EU-based, some third-party services may process data outside the EEA. In such cases, we ensure adequate safeguards through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions by the European Commission
• Other legally recognized transfer mechanisms

9. Cookies and Tracking

We use essential cookies for platform functionality and analytics cookies to improve our Service. You can manage cookie preferences through your browser settings. For detailed information, see our Cookie Policy.

10. Children's Privacy

Our Service is not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a minor, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or legal requirements. We will notify you of material changes via email or prominent notice on our platform. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact Us

For questions about this Privacy Policy or our data practices, please contact: